# Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=wpa_supplicant
pkgver=2.10
pkgrel=11
pkgdesc="utility providing key negotiation for WPA wireless networks"
url="https://w1.fi/wpa_supplicant/"
arch="all"
options="!check" # has no tests
license="BSD-3-Clause"
subpackages="$pkgname-doc $pkgname-openrc"
makedepends="linux-headers openssl-dev>3 dbus-dev libnl3-dev pcsc-lite-dev"
source="https://w1.fi/releases/wpa_supplicant-$pkgver.tar.gz
	wpa_supplicant.initd
	wpa_supplicant.confd
	wpa_cli.confd
	wpa_cli.initd

	CVE-2023-52160.patch

	unsafe-renegotiation-1.patch
	unsafe-renegotiation-2.patch

	0001-nl80211-add-extra-ies-only-if-allowed-by-driver.patch
	0002-AP-guard-FT-SAE-code-with-CONFIG_IEEE80211R_AP.patch

	config
	wpa_cli.sh
	"

# secfixes:
#   2.10-r11:
#     - CVE-2023-52160
#   2.9-r13:
#     - CVE-2021-30004
#   2.9-r12:
#     - CVE-2021-27803
#   2.9-r10:
#     - CVE-2021-0326
#   2.9-r5:
#     - CVE-2019-16275
#   2.7-r3:
#     - CVE-2019-11555
#   2.7-r2:
#     - CVE-2019-9494
#     - CVE-2019-9495
#     - CVE-2019-9497
#     - CVE-2019-9498
#     - CVE-2019-9499
#   2.6-r14:
#     - CVE-2018-14526
#   2.6-r7:
#     - CVE-2017-13077
#     - CVE-2017-13078
#     - CVE-2017-13079
#     - CVE-2017-13080
#     - CVE-2017-13081
#     - CVE-2017-13082
#     - CVE-2017-13086
#     - CVE-2017-13087
#     - CVE-2017-13088

prepare() {
	default_prepare

	# Copy our configuration file to the build directory
	cp "$srcdir"/config "$builddir"/wpa_supplicant/.config
}

build() {
	export CFLAGS="$CFLAGS -flto=auto"
	cd "$builddir"/wpa_supplicant
	make LIBDIR=/lib BINDIR=/sbin
	make LIBDIR=/lib BINDIR=/sbin eapol_test
}

package() {
	cd "$builddir"/wpa_supplicant
	make DESTDIR="$pkgdir" LIBDIR=/lib BINDIR=/sbin install
	install -Dm644 wpa_supplicant.conf \
		"$pkgdir"/usr/share/doc/wpa_supplicant/examples/wpa_supplicant.conf
	install -Dm755 "$srcdir"/wpa_cli.sh \
		"$pkgdir"/etc/wpa_supplicant/wpa_cli.sh

	local man=
	for man in doc/docbook/*.?; do
		install -Dm644 "$man" \
			"$pkgdir"/usr/share/man/man${man##*.}/${man##*/}
	done
	install -Dm755 eapol_test "$pkgdir"/sbin/eapol_test

	# dbus
	cd dbus
	install -Dm644 dbus-wpa_supplicant.conf \
		"$pkgdir"/usr/share/dbus-1/system.d/wpa_supplicant.conf
	install -Dm644 fi.w1.wpa_supplicant1.service \
		-t "$pkgdir"/usr/share/dbus-1/system-services

	# openrc runscripts
	install -Dm755 "$srcdir"/wpa_supplicant.initd \
		"$pkgdir"/etc/init.d/wpa_supplicant
	install -Dm644 "$srcdir"/wpa_supplicant.confd \
		"$pkgdir"/etc/conf.d/wpa_supplicant
	install -Dm755 "$srcdir"/wpa_cli.initd \
		"$pkgdir"/etc/init.d/wpa_cli
	install -Dm644 "$srcdir"/wpa_cli.confd \
		"$pkgdir"/etc/conf.d/wpa_cli
}

sha512sums="
021c2a48f45d39c1dc6557730be5debaee071bc0ff82a271638beee6e32314e353e49d39e2f0dc8dff6e094dcc7008cfe1c32d0c7a34a1a345a12a3f1c1e11a1  wpa_supplicant-2.10.tar.gz
8e5f0958f6086c465d7a13e793be7dedc021fae2162f0f3b29d00919c355f13e1c257744ae99ae063cca525fb8fa03abd5c117efe0ba9c6812b560ce62366846  wpa_supplicant.initd
24bc4d46f3a8923890f233e433928c3f1204ab5f15a1c32b21dca220af89e2474026059e1040834db88cd3d8f6b61c46abb5cf18bda906e78dcd8fccd0f2a382  wpa_supplicant.confd
c3db077fa78dd296d90d07626cb4e684f87618a77ffd51c1ae04b47be7bc0db1e9a3e0f7442acef21c081f6bb782f150cbbd3d0bf245d6ab43f19da3899b53b9  wpa_cli.confd
f4b9c86530a2b10cd50e6014c9bee1d143714ab9f86bf29119dcd2c86dec5239c356518a36147d6418e4eb31aa4a7df3e5c86647779d2b4626bffcfe6685f362  wpa_cli.initd
955c219a9e4e3e89f7f880561755059ea9f1ea27f5a5ec9f6a5b7c29195b06123c8eecfba324f3695bdb8cb53c401745c3d030a97e133dd1730351dc36c92fec  CVE-2023-52160.patch
9528735924faf876a7094de46760605e5e66e265187421a668be06dbf03d7b4db6b84cbad793fcd6bd614e3ba540f82f1f80660d75e8a6070eeb7e9abb54ed28  unsafe-renegotiation-1.patch
a92ba3ed3f41022a8af9396d2b703ee47f78aa05c1fddb42919a7fe6a6fad71e3515c63457e97e252ae0a32c6c34d67ea6efe0278df1e141cf36e650237e5295  unsafe-renegotiation-2.patch
fb328872087268056b035802f71df2f7af8d11699822fe68611201a07dc693c4fdb8c50dd4fd509ed6db4cca89f6003ce3303770951686a35633977f466f4fb5  0001-nl80211-add-extra-ies-only-if-allowed-by-driver.patch
f8a5f5e18509b61ad6fb7ce78207c039fccfca6b71f494cbe9853bcb1b09025364554a45b6129a5b992f6327f72c8a97b660088d9c542f0e62a1c370a3c628a8  0002-AP-guard-FT-SAE-code-with-CONFIG_IEEE80211R_AP.patch
9b8b1a914038e84ae2bf162d819d58aa449d249f3684bb86ecda6178956163941d4fc4e92fd14cc4ff3eec17a14e03f20c3a59e94841ed5b9811aef37fa9910e  config
212c4265afce2e72b95a32cd785612d6c3e821b47101ead154136d184ac4add01434ada6c87edbb9a98496552e76e1a4d79c6b5840e3a5cfe5e6d602fceae576  wpa_cli.sh
"
